Deploy RC 285 to Production#8523
Merged
mitchellhenke merged 17 commits intostages/prodfrom Jun 1, 2023
Merged
Conversation
changelog: Internal, Static Analysis, Improve stylesheet linting to report unnecessary inline configuration
* separate redirects for phone OTP verification * Remove after_otp_verification_confirmation_url changelog: Internal, Refactor, Remove after_otp_verification_confirmation_url * add method to make intention clearer
changelog: Internal, Performance, Reduce size of application stylesheet in critical path
* Add BadgeComponent for design system badges changelog: Internal, Components, Refactor badges as reusable UI component * Remove partials in favor of inlined component render See: https://github.com/18F/identity-idp/pull/8491/files#r1206802012
Resolves LG-6146 changelog: Internal, Deployment, Remove ERB processing of configuration file
The in-person tests were using the `sign_in_user` helper to test that a user sees the screen with their barcode visible. This signs in with Warden which does not run through all of the before actions for signing in. Additionally, when the in person happy path tests were signing in the user was already signed in. This commit addresses both of the above. [skip changelog]
* Use sendBeacon() for frontend analytics sendBeacon() is a browser API for making POST requests where you don't really care about the response. The browser enqueues the request and is able to actually make it at a time that will minimally impact performance (i.e. batch requests to save battery, etc.). changelog: Internal, Analytics, use sendBeacon() for frontend analytics * Remove fetch() fallback * Make trackEvent synchronous We now only use sendBeacon(), which is a synchronous API. :fingers_crossed: this fixes a few places where trackEvent requests were not being sent * Move sendBeacon def in spec_helper.js Put it more in line with other stuff like it * Don't bother testing for not using fetch()
changelog: Internal, Developer setup, Brewfile for dependency management *Summary of changes* We're looking at adding a dependency soon, which could cause some issues with local development for folks if they didn't know they need to manually install it. We thought adding a `Brewfile` and having the setup script run `brew bundle` would help mitigate the difficulties of that change. There's a bonus in that it's self documenting too! It would also: - make initial setup for new developers much more straightforward - make future changes to dependencies easier to manage - prevents a mixture of dependencies installed in different ways (for instance, I think when I initially set things up I ended up with one version of postgres downloaded manually from the doc-linked site, and another via homebrew) Notes: - As pointed out by @pauldoomgov, we use [postgres@13 in production](https://github.com/18F/identity-devops/blob/33ba02736b37f3a79c50479892a03c6f3e920041/terraform/app/rds-variables.tf#L82), so it would be good to encourage use of 13 locally. The method I chose to try and enforce this was using `brew services stop --all` before starting the services we want (where I specify 13). - I tried various combinations of having these dependencies installed / uninstalled before running `make setup` and the script seems to still work. But I don't have a machine without MacOS to test on to make sure it works for everyone. - While making relevant doc changes, I also fixed up some syntax for readability / easy re-ordering of steps Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Zach Margolis <zachary.margolis@gsa.gov>
* Fix #confirm_no_pending_gpo_profile specs * Redirect in IdvStepConcern if user is idv_doc_auth throttled This is the DocumentCapture throttle * Add throttle checks to idv_controller * Move check_throttled_and_redirect to IdvSession concern and use in IdvStepConcern Both IdvController and IdvStepConcern need to check if the user is throttled and redirect as needed. changelog: User-facing Improvements, Identity Verification, Give a user immediate feedback if they return to IdV while they are still rate-limited * Add extra analytics arg for :proof_address * Let PhoneController check its own rate limiter PhoneController#update checks for success before rate limiting the user. Do not redirect to error page from before_action for the PhoneController for its rate limiter. * Extract RateLimitConcern * Move specs from IdvStepConcernSpec to RateLimitConcernSpec * Check if throttle and controller match at the beginning to avoid duplicate logging * Check for matching controllers only on update That way controllers don't have to do their own checking on show * Move IdvController rate limit check to a before_action And rename the method to confirm_not_rate_limited --------- Co-authored-by: AmirReavis-Bey <amirreavis-bey@fcoh2j-wyp9w9mv.localdomain> Co-authored-by: John Maxwell <john.maxwell@gsa.gov> Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
* request: Omit CSRF token for non-validated requests changelog: Internal, Performance, Exclude request forgery token from front-end requests when not required * Add comment reference to Rails logic
* LG-9798: Add a new script to IDP that actions account changelog: Internal, Reporting, Add action-account script with review-reject and review-pass.
* Redirect to DocumentCapture when :skip_upload_step is true * In LinkSentController, redirect to HybridHandoff when document upload is cancelled When the doc_auth_hybrid_handoff_controller enabled flag is set [skip changelog] --------- Co-authored-by: Amir Reavis-Bey <amir.reavis-bey@gsa.gov>
changelog: Bug Fixes, In-person proofing, Fix NoMethodError on unexpected response from USPS
* Improve speed of some sign-in feature tests changelog: Internal, Continuous Integration, Improve speed of some sign-in feature tests * update knapsack
* Add route, action, and view for state id error Tell the user that we're having trouble with AAMVA changelog: User-Facing Improvements, IdV, Warn user when unable to communicate with MVAs. * Redirect user to warning on MVA error For timeouts, unavailability, etc. * Update happy path analytics specs * Fix #state_id_warning tests * Update StateIdMockClient spec * Base state_id_warning on idv/shared/error * Add StepIndicatorConcern to SessionErrorsController Get the step indicator displayed on some of these errors. * Fix failing SessionErrorsController test Related to adding the step indicator back -- needed an additional stub * Use failure_to_proof_path instead of cancel * Use idv_doc_auth_return_to_sp_path This isn't a failure to proof, it's the user choosing to stop.
* Guard IdvStepConcern before actions for nil current_user Accessing a standard flow page from the hybrid flow was causing 500 errors in these before actions. The user will see that their session expired instead of a 500 error. If they click the browser back button, they successfully go back where they were. changelog: Bug Fixes, Identity Verification Hybrid Flow, Fix 500 error if user goes from hybrid flow page to standard flow page --------- Co-authored-by: John Maxwell <john.maxwell@gsa.gov>
mitchellhenke
requested review from
aduth,
jmhooper,
matthinz,
soniaconnolly and
zachmargolis
aduth
approved these changes
Jun 1, 2023
aduth
approved these changes
Jun 1, 2023
zachmargolis
approved these changes
Jun 1, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User-Facing Improvements
Bug Fixes
Internal